Release Notes 3.3.0
We are excited to introduce you to the latest version of Orchestrate v3.3.0 This release comes with new features, enhancements, and bug fixes.
New Features
Manage Large Input and Output Data
Orchestrate now has the ability to handle large volumes of data in the following scenarios:
Download Large Data: Analysts can preview data up to 4 MB and download data up to 64 MB in JSON format for offline analysis of the following features:
Input and output data of a Playbook node
Event or run log selection to run Playbooks
Event data of trigger events
Manual Input to Run Playbooks: Orchestrate enables analysts to import up to 64 MB of JSON data and pass it as input for playbook execution.
Create App Instances from Playbook Canvas
Analysts can create new instances of an app in the Playbook canvas. This eliminates the need for analysts to navigate to the Apps section to create instances thereby saving time and effort, and significantly improving the overall user experience.
Run Logs for Triggered Events
Analysts can view the run logs of playbooks that are executed by an event from the Trigger Events listing page. This helps analysts to view the run logs with minimum effort and respond faster to threats.
Enhancements
Playbook Store
Cyware Playbooks, a collection of all the out-of-the-box orchestration Playbooks is now available as Playbook Store.
In addition to the existing capabilities, the Playbook Store offers the following enhancements:
Previously, importing a Playbook created multiple copies of the same Playbook. Now, users can import Playbooks from the Playbook Store with an option to either create a new Playbook of the same name or replace an existing Playbook.
The Imported label helps analysts to distinguish and identify the imported Playbooks from the list of all the Playbooks available in the Playbook Store.
The New label enables analysts to identify the Playbooks published in the last 14 days.
The Playbook category on the listing page assists analysts to identify Playbooks based on the security use cases, such as incident enrichment, asset management, and more.
Playbook Node
The usability of the playbook node is improved with the following enhancements:
Previously, the node input was automatically saved in the run logs. To optimize data storage, users can now choose to exclude the node input from run logs by disabling the Save Node Input option.
The Playbook run logs now display the execution time of each node to enable analysts to review and optimize the node performance. This also helps in identifying nodes that are taking additional time to execute and potentially causing delays in the Playbook's execution.
View Documentation of App Nodes
The link to view the documentation is now available in the same interface while adding an app node to the playbook workflow. This eliminates the need for analysts to navigate to the Apps section to view the app documentation.
Add App Action Nodes with No Instances
While building a Playbook workflow, analysts can now view and select an app action even if the app instance is not configured. This provides analysts with the flexibility to choose from a list of app actions with or without instances and subsequently configure app instances.
Unique IDs for Triggered Events and Run Logs
To optimize search in Playbook run logs and triggered events, the following enhancements are introduced:
A run log is now associated with a unique ID for easier identification and tracking. For example, RL6e5daa85-0
The existing ID of triggered events is now trimmed to 12 characters. For example, TE2b8b284b-b
Password Reset Link
To ease the process of re-inviting users to the Orchestrate platform, administrators can send a password reset link to a user's email address.
Regenerate Open API Token
Orchestrate allows administrators to regenerate an open API token. This helps save time for administrators as it eliminates the need to create new open APIs each time when users do not have access to existing open API tokens.
Easy Access to Playbook Run Logs
The option to view run logs for a playbook was previously available under Statistics on the playbook listing page. In this release, you can view run logs by hovering over a playbook and clicking Run Logs.
Dedicated RBAC for Authentication Module
The authentication-related permissions were earlier available under the Configurations module. In this release, a dedicated RBAC (role-based access control) is introduced for the Authentication module. This offers better control to define authentication-related permissions to user groups.
Override App Versions while Importing
The workflow to import a custom app is now enhanced with an option to override an existing app version. This allows analysts to import and replace the existing app configurations instead of creating new versions of the app.
Bug Fixes
The issue in the Action Retry Count for Cyware Agent-enabled app nodes is now resolved.